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REMARKS/ARGUMENTS 

Claims 1, 3, 7, 8, 10, 1 1, 18, and 28 are amended herein. Claims 1-4, 7-12, 18-19, 
21, and 23-28 are currently pending. 

The courteous telephone interview granted applicants' undersigned attorney by 
Examiner Michael Keefer on May 26, 2009 is hereby respectfully acknowledged. The 
amendments and arguments presented herein were discussed. 

Claims 1-4 and 7-10, 12, 18-19, 21, 23, and 25-28 stand rejected under 35 U.S.C. 
103(a) as being unpatentable over Patent No. 7,181,534 (Semaan et al.), in view of U.S. 
Patent No. 6,128,298 (Wootton et al.), and further in view of U.S. Patent No. 5,781,550 
(Templin). Claim 1 1 stands rejected under 35 U.S.C. 103(a) as being unpatentable over 
Semaan et al., Wootton et al., and Templin, and U.S. Patent Nos. 5,623,601 (Vu). Claim 
24 stands rejected under 35 U.S.C. 103(a) as being unpatentable over Semaan et al., 
Wootton et al., and Templin, and U.S. Patent Application No. 2003/01 15485 (Milliken). 

Claims 1, 7, and 8 have been amended to clarify that the filtering rules apply to 
the categorized packets and that the filtering rules comprise rules that specify which 
packets are accepted and which packets are rejected. 

Semaan et al. disclose an address resolution protocol to map IP addresses to a 
node transport identifier. A drawback with systems such as disclosed in Semaan et al. 
that have an IP based DCC, is that features previously present in the separation between 
an OSI based DCC and an IP based DCN are missing. In contrast to Semaan et al., 
applicants' claimed gateway network element provides onboard separation between the 
networks that mimic the features of the separation between the OSI based DCC and the 
IP based DCN found in legacy systems. Applicants' claimed invention provides this 
separation through application of filtering rules based on which interface a packet is 
received. 
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As noted by the Examiner, Semaan et al. do not disclose categorizing a received 
packet or selecting and applying a set of filtering rules to received packets. 

Wootton et al. disclose an Internet Protocol (IP) filter. The IP filter effects a 
translation between a source port number for a private network and a destination port 
number for the public network for communication therebetween. 

Wootton et al. simply reject packets requesting a connection request from a public 
network. There is no categorizing of packets such that categorized packets can later be 
filtered according to a specified set of filtering rules. More specifically, Wootton et al. 
do not teach categorizing a received packet based on: (a) the interface over which the 
packet was received; (b) type of packet; or (c) whether the destination address specifies 
the gateway network element. 

With respect to the limitation (a), the Examiner refers to col. 5, lines 30-36 of 
Wootton et al. This section of the patent describes how no connection requests are 
accepted from the public network. Since connection requests are only accepted from one 
interface, there is no categorization of received packets such that categorized packets can 
be filtered, as set forth in the claims. Once a connection is open, there is no 
categorization based on where the packet is received from. 

With regard to categorization based on the type of packet (limitation (b)), the 
Examiner refers to col. 2, lines 53-57 which describe which type of protocols may be 
used. Wootton et al. note that packets of other protocols are ignored. All packet types of 
acceptable protocol are received by Wootton et al. There is no categorization of these 
packets based on packet type so that the categorized packets can then be filtered. 

The Examiner cites Templin et al. with respect to limitation (c). Templin et al. 
describe how packets with a local destination address are presented directly to the input 
side of the transport layer while packets destined for a foreign host are presented to a 
packet screening sub-system for processing. Templin et al. send a packet to a port or 
sub-system based on a destination address in the packet, as is done in conventional 
routing. In contrast to Templin et al., applicants' claimed invention categorizes based on 
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a number of different factors in order to determine what set of filtering rules to apply to a 
packet. 

Accordingly, claims 1, 7, and 8 are submitted as patentable over the cited 
references. 

Claims 2-4, 18, 19, 21, 27, and 28, depending from claim 1, claims 24-26, 
depending from claim 7, and claims 10-12, depending from claim 8, are submitted as 
patentable for at least the same reasons as their base independent claims. 

Claim 2 is further submitted as patentable over Wootton et al., which does not 
show or suggest sending packets over a first IP based interface only when packet specify 
a gateway network element as the source. In rejecting the claims, the Examiner refers to 
col. 5, lines 37-55, which describe a translation table maintained by the IP filter. The 
translation substitutes IP address and ports from the network side to the IP filter's IP 
address and ports. Since the addresses need to be replaced with the filter's addresses, 
they do not originally contain the gateway network element as the source address when 
they are received, as required in claim 2. 

With regard to claims 3, 10, and 18 Wootton et al. do not accept packets in which 
the destination address specifies a subnet broadcast address or a multicast address. 

Claim 1 1 is further submitted as patentable over the cited references which do not 
show or suggest accepting all packets received over a second IP based interface in which 
a destination address specifies the gateway network element, a network element in the 
second network or a multicast address and rejecting all other packets. Vu simply notes 
that the gateway accepts packets having a destination address matching the device. None 
of the cited references, either alone or in combination, teach accepting all packets 
received over a second IP based interface in which a destination address specifies the 
gateway network element, a network element in the second network or a multicast 
address and rejecting all other packets, wherein IP addresses of network elements are not 
visible to network elements in the first network. 
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Claims 19, 25, and 27-28 are further submitted patentable over Wootton et al. 
which do not show or suggest two sets of filtering rules applied based on where the 
packet was received and the destination address of the packet. In rejecting the claim, the 
Examiner refers to col 5, lines 30-36. This section describes how connection requests 
are not received from the public network. There is no disclosure of a different set of 
filtering rules, which specify which packets are accepted and which packets are rejected, 
applied for packets received from the different interfaces. 

With regard to claim 21, Templin et al. do not teach code that tunnels connections 
between a client node and a DCC-connected network element. 

Claim 24 has been amended to clarify that the analysis is performed by the 
processor. Milliken describes saving a packet for human analysis as a type of remedial 
action performed. 

For the foregoing reasons, Applicants believe that all of the pending claims are in 
condition for allowance and should be passed to issue. If the Examiner feels that a 
telephone conference would in any way expedite the prosecution of the application, 
please do not hesitate to call the undersigned at (408) 399-5608. 



Respectfully submitted, 



Cindy Kaplan 
Reg. No. 40,043 




P.O. Box 2448 



Saratoga, CA 95070 
Tel: 408-399-5608 
Fax: 408-399-5609 
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